author | Aldo Cortesi <aldo@nullcube.com> | 2013-05-14 09:12:26 +1200 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2013-05-14 09:12:26 +1200 |
commit | b5cf3b4f743f1dd3e7d58c9d21155005466640ec (patch) | |
tree | a92a36ee2776951fbb9286b3af78fcf2d9a01163 /doc-src | |
parent | d86b7c7f77ca67514da50854f8d44149dee431d1 (diff) | |
README, Linux transparent mode docs, requirements additions.
Diffstat (limited to 'doc-src')
-rw-r--r-- | doc-src/transparent.html | 18 | ||||
-rw-r--r-- | doc-src/transparent/index.py | 2 | ||||
-rw-r--r-- | doc-src/transparent/linux.html | 40 |
3 files changed, 52 insertions, 8 deletions
diff --git a/doc-src/transparent.html b/doc-src/transparent.html index 689a2842..4e9b6774 100644 --- a/doc-src/transparent.html +++ b/doc-src/transparent.html @@ -1,15 +1,19 @@ - -When a transparent proxy is used, traffic is redirected into a proxy at the network layer, without -any client configuration being required. This makes transparent proxying ideal for those situations -where you can't change client behaviour - proxy-oblivious Android applications being a common -example. +When a transparent proxy is used, traffic is redirected into a proxy at the +network layer, without any client configuration being required. This makes +transparent proxying ideal for those situations where you can't change client +behaviour - proxy-oblivious Android applications being a common example. To set up transparent proxying, we need two new components. The first is a redirection mechanism that transparently reroutes a TCP connection destined for a server on the Internet to a listening proxy server. This usually takes the form of a firewall on the same host as the proxy server - [iptables](http://www.netfilter.org/) on Linux or -[pf](http://en.wikipedia.org/wiki/PF_\(firewall\)) on OSX. When the proxy receives a redirected connection, it sees a vanilla HTTP request, without a host specification. This is where the second new component comes in - a host module that allows us to query the redirector for the original destination of the TCP connection. +[pf](http://en.wikipedia.org/wiki/PF_\(firewall\)) on OSX. When the proxy +receives a redirected connection, it sees a vanilla HTTP request, without a +host specification. This is where the second new component comes in - a host +module that allows us to query the redirector for the original destination of +the TCP connection. -At the moment, mitmproxy supports transparent proxying on OSX Lion and above, and all current flavors of Linux.kkkkk
\ No newline at end of file +At the moment, mitmproxy supports transparent proxying on OSX Lion and above, +and all current flavors of Linux. diff --git a/doc-src/transparent/index.py b/doc-src/transparent/index.py index d277d708..091b3471 100644 --- a/doc-src/transparent/index.py +++ b/doc-src/transparent/index.py @@ -1,6 +1,6 @@ from countershape import Page pages = [ - Page("linux.html", "Linux"), Page("osx.html", "OSX"), + Page("linux.html", "Linux"), ] diff --git a/doc-src/transparent/linux.html b/doc-src/transparent/linux.html index e69de29b..41840c75 100644 --- a/doc-src/transparent/linux.html +++ b/doc-src/transparent/linux.html @@ -0,0 +1,40 @@ +On Linux, mitmproxy integrates with the iptables redirection mechanism to +achieve transparent mode. + +<ol class="tlist"> + + <li> <a href="@!urlTo("ssl.html")!@">Install the mitmproxy + certificates on the test device</a>. </li> + + <li> Enable IP forwarding: + + <pre class="terminal">sysctl -w net.ipv4.ip_forward=1</pre> + + You may also want to consider enabling this permanently in + <b>/etc/sysctl.conf</b>. + + </li> + + <li> Create an iptables ruleset that redirects the desired traffic to the + mitmproxy port. Details will differ according to your setup, but the + ruleset should look something like this: + +<pre class="terminal">iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 +iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080</pre> + + </li> + + <li> Fire up mitmproxy. You probably want a command like this: + + <pre class="terminal">mitmproxy -T --host</pre> + + The <b>-T</b> flag turns on transparent mode, and the <b>--host</b> + argument tells mitmproxy to use the value of the Host header for URL + display. + + </li> + + <li> Finally, configure your test device to use the host on which mitmproxy is + running as the default gateway.</li> + +</ol> |
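Review bot: In doc-src/transparent.html the paragraph re-wrapping is mixed with the one real content fix, the removal of the stray "kkkkk" after "all current flavors of Linux." together with the missing final newline, so the fix is easy to overlook in the diff. Consider committing whitespace-only reflow separately from content changes, or mention the typo fix in the commit message.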
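Review bot: In doc-src/transparent/linux.html, step 2 turns on net.ipv4.ip_forward for the whole host while the step 3 rules redirect only TCP ports 80 and 443 arriving on eth0, so all other traffic from the test device is routed through this machine without passing the proxy. The page should say so and show how to undo the setup afterwards (delete the two PREROUTING rules and set ip_forward back to 0), particularly since it suggests making the sysctl permanent in /etc/sysctl.conf. The rules also hard-code "--to-port 8080" while the step 4 command "mitmproxy -T --host" names no port, so state that 8080 is assumed to be the port mitmproxy listens on. Both the sysctl and the iptables rules cover IPv4 only; a sentence noting that IPv6 traffic from the device is not redirected would save readers from an unexplained gap in what the proxy sees.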